core: fix pre-hydrated config not being escaped properly

closes #3442 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-18 13:53:22 +02:00 · 2022-08-18 13:53:22 +02:00 · 198c940a80
parent c900411d5a
commit 198c940a80
3 changed files with 6 additions and 6 deletions
--- a/authentik/core/templates/if/admin.html
+++ b/authentik/core/templates/if/admin.html
@ -10,8 +10,8 @@
 <script>
 window.authentik = {};
 window.authentik.locale = "{{ tenant.default_locale }}";
-window.authentik.config = JSON.parse('{{ config_json|safe }}');
-window.authentik.tenant = JSON.parse('{{ tenant_json|safe }}');
+window.authentik.config = JSON.parse('{{ config_json|escapejs }}');
+window.authentik.tenant = JSON.parse('{{ tenant_json|escapejs }}');
 </script>
 {% endblock %}

--- a/authentik/core/templates/if/flow.html
+++ b/authentik/core/templates/if/flow.html
@ -12,8 +12,8 @@
 <script>
 window.authentik = {};
 window.authentik.locale = "{{ tenant.default_locale }}";
-window.authentik.config = JSON.parse( '{{ config_json|safe }}');
-window.authentik.tenant = JSON.parse('{{ tenant_json|safe }}');
+window.authentik.config = JSON.parse('{{ config_json|escapejs }}');
+window.authentik.tenant = JSON.parse('{{ tenant_json|escapejs }}');
 window.authentik.flow = {
    "layout": "{{ flow.layout }}",
 };
--- a/authentik/core/templates/if/user.html
+++ b/authentik/core/templates/if/user.html
@ -10,8 +10,8 @@
 <script>
 window.authentik = {};
 window.authentik.locale = "{{ tenant.default_locale }}";
-window.authentik.config = JSON.parse('{{ config_json|safe }}');
-window.authentik.tenant = JSON.parse('{{ tenant_json|safe }}');
+window.authentik.config = JSON.parse('{{ config_json|escapejs }}');
+window.authentik.tenant = JSON.parse('{{ tenant_json|escapejs }}');
 </script>
 {% endblock %}